Karsun Solutions LLC

  • Application Security Analyst

    Job Locations: US-VA-Herndon
    Posted Date: 1 month ago (12/13/2018 2:42 PM)
    ID: 1880
    # of Openings: 1
    Category: Information Technology
  • Overview

    This position supports the General Services Administration (GSA) CAMEO program. The Karsun team is responsible for the development, maintenance, and enhancement (DM&E) and operation of selected GSA Federal Acquisition IT Systems. All employees must be able to pass a Federal Suitability Check for a position of public trust. The GSA CAMEO program supports the operations of multiple business applications, as well as development of new applications across different technologies. The Karsun software development team is responsible for the software design and implementation of web applications supporting multiple Business Lines within GSA. Successful candidates are modern web development specialists experienced in translating business requirements into software architecture.  In addition to strong software development skills, ideal candidates have demonstrated experience in working on an Agile Scrum team. Position location is in Herndon, VA. 

    Responsibilities

    Responsibilities:

    • Develop secure coding guidelines and best practice documentation for custom developed applications, and ensure the guidelines are followed.
    • Collaborate with development teams to ensure secure coding best practices are followed.
    • Identify tools and automate rules into DevSecOps pipelines so that coding practices are enforced and vulnerabilities and risks are identified early.
    • Work with developers, management, and staff to identify and implement security plans for applications in accordance with FISMA, NIST SP 800-53 and DISA STIGs.
    • Interpret operating system, database, and web application vulnerability scan reports.
    • Collaborate with development teams to guide remediation of software vulnerabilities.
    • Work with the client's ISSM and ISSOs to support Information Assurance and audit activities.
    • Track and manage existing and future vulnerabilities through the system Plan of Action and Milestones (POA&M), and remediate issues identified in POA&Ms as specified by security policy.
    • Write and update security documentation (System Security Plans, Contingency Plans, Business Impact Analyses, Privacy Impact Assessments, etc.).

    Additionally:

    • Provide continuous monitoring support, maintaining and monitoring the controls within the system security plan.
    • Support security assessments, Payment Card Industry (PCI) Data Security Standard (DSS) assessments, and other audit activities such as annual FISMA self-assessments.
    • Ensure compliance with the GSA IT Security Policy CIO P 2100.1H, the IT Security Procedural Guide "Managing Enterprise Risk" (CIO-IT Security-06-30, revision 7), and the IT Procedural Guide "Security Language for IT Acquisition Efforts" (CIO-IT Security-09-48, revision 1).
    • Perform Privacy Impact Assessments (PIA) and maintain PCI DSS compliance as appropriate.
    • In support of audits, provide evidentiary artifacts and respond to inquiries and questions from auditors.
    • Assist application teams in migrating security controls to the cloud (AWS, Azure, GCP, etc.).

    Qualifications

    Required Skills:

    • Extensive knowledge of NIST publications (SP 800-53, etc.), FISMA, and PCI DSS
    • Great oral and written communication skills
    • Strong command of cloud security best practices
    • ISSO role experience in a production environment supporting application teams, CI/CD pipelines, Agile methodology, and tools automation
    • Strong understanding of the SDLC

    Desired Skills: 

    • Knowledge of GSA policies and procedures
    • Security documentation writing experience: System Security Plan (SSP), Contingency Plans (CP), Plan of Action and Milestones (POA&M), Acceptance of Risk (AOR), Business Process Document (BPD), etc.

    Qualifications (Education/Experience)

    • Minimum Education: B.S. in Computer Science or Information Security
    • Minimum 5 years of ISSO experience in a production environment supporting application development teams
    • Security-related certifications (CISSP, CISM, CISA)

    For more information on this or any other position, chat one-on-one with our recruiters during our weekly virtual chat event every Thursday at 12:00pm EST.

    Karsun Solutions is an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
